[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fg_D05L1lgEIrtr8b4YWwxVcMobRaHYY0QWVP8pRDydQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":21,"unpatched_count":21,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":33,"analysis":34,"fingerprints":80},"flickr-widget","Flickr Widget","0.1","Donncha O Caoimh (a11n)","https:\u002F\u002Fprofiles.wordpress.org\u002Fdonncha\u002F","\u003Cp>A widget which will display your latest Flickr photos.\u003C\u002Fp>\n","A widget which will display your latest Flickr photos.",200,48226,80,1,"2006-06-12T19:39:00.000Z","",[],"http:\u002F\u002Fdonncha.wordpress.com\u002Fflickr-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fflickr-widget.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":29,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"donncha",12,31620,91,4657,73,"2026-04-04T11:02:48.434Z",[],{"attackSurface":35,"codeSignals":47,"taintFlows":72,"riskAssessment":73,"analyzedAt":79},{"hooks":36,"ajaxHandlers":43,"restRoutes":44,"shortcodes":45,"cronEvents":46,"entryPointCount":21,"unprotectedCount":21},[37],{"type":38,"name":39,"callback":40,"file":41,"line":42},"action","init","flickr_widgets_init","flickr_widget.php",118,[],[],[],[],{"dangerousFunctions":48,"sqlUsage":49,"outputEscaping":51,"fileOperations":21,"externalRequests":21,"nonceChecks":21,"capabilityChecks":21,"bundledLibraries":71},[],{"prepared":21,"raw":21,"locations":50},[],{"escaped":21,"rawEcho":52,"locations":53},8,[54,57,59,61,63,65,67,69],{"file":41,"line":55,"context":56},51,"raw 
output",{"file":41,"line":58,"context":56},52,{"file":41,"line":60,"context":56},71,{"file":41,"line":62,"context":56},72,{"file":41,"line":64,"context":56},78,{"file":41,"line":66,"context":56},102,{"file":41,"line":68,"context":56},103,{"file":41,"line":70,"context":56},104,[],[],{"summary":74,"deductions":75},"The flickr-widget plugin v0.1 exhibits a concerning security posture primarily due to a complete lack of output escaping. While the static analysis reveals no dangerous functions, no SQL injection risks, and no unsanitized taint flows, none of the plugin's output is escaped: all 8 recorded output statements in flickr_widget.php are raw echoes, which represents a significant risk. This indicates a high probability of cross-site scripting (XSS) vulnerabilities, as user-supplied data, if ever processed by the widget, would be rendered directly into the page without escaping, allowing attackers to inject malicious scripts. Because no taint flow was recorded, this is a potential weakness rather than a confirmed vulnerability; each raw echo should be reviewed to determine where its value comes from and wrapped in the escaping function that matches its output context (esc_html(), esc_attr() or esc_url()). The absence of any known CVEs and a clean vulnerability history are positive signs, suggesting the plugin has not historically been a target or has not had exploitable flaws. However, this clean history, combined with the current state of unescaped output, suggests the plugin may be underdeveloped or has not undergone thorough security auditing. The limited attack surface is a minor positive, but it does not mitigate the critical flaw in output handling. 
A balanced conclusion is that the plugin has low immediate exploitability, based on historical data and the lack of critical code signals, but the complete lack of output escaping makes it highly susceptible to XSS attacks if any user-controlled data ever reaches one of its unescaped output statements.",[76],{"reason":77,"points":78},"0% output escaping",15,"2026-03-16T20:25:24.774Z",{"wat":81,"direct":87},{"assetPaths":82,"generatorPatterns":84,"scriptPaths":85,"versionParams":86},[83],"\u002Fwp-content\u002Fplugins\u002Fflickr-widget\u002Fstyle.css",[],[],[],{"cssClasses":88,"htmlComments":91,"htmlAttributes":94,"restEndpoints":109,"jsGlobals":110,"shortcodeOutput":111},[89,90],"flickr_badge_image","flickr_badge_uber_wrapper",[92,93],"\u003C!-- Start of Flickr Badge -->","\u003C!-- End of Flickr Badge -->",[95,96,97,98,99,100,101,102,103,104,105,106,107,108],"id=\"flickr_badge_source_txt\"","id=\"flickr_badge_icon\"","id=\"flickr_icon_td\"","class=\"flickr_badge_image\"","id=\"flickr_badge_uber_wrapper\"","id=\"flickr_www\"","id=\"flickr_badge_wrapper\"","id=\"flickr_badge_source\"","id=\"flickr-title\"","name=\"flickr-title\"","id=\"rss-items\"","name=\"rss-items\"","id=\"flickr-submit\"","name=\"flickr-submit\"",[],[],[]]